1. In response to amendment filed on 27 October 2006 and Examiner Initiated Interview on 
8 January 2007. 

2. An examiner's amendment to the record is attached. Please enter entire claim set. Should 
the changes and/or additions be unacceptable to applicant, an amendment may be filed as 
provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be 
submitted no later than the payment of the issue fee. The examiner's amendment to amend 
claims 68, 72 ? 91, 101, and 105 and cancel claims 70, 73, 93, 96; was authorized by attorney of 
record Peter Ludwig in phone interview on 8 January 2007, followed by a confirmation call. 

Reasons for Allowance 
3. Claims 55-69, 71-72, 74-92, 94-95, and 97-105 are allowed over the prior art of record. 

The following is a statement of reasons for the indication of allowable subject matter: 

In interpreting the claims in light of the specification and applicant's arguments as well as 
Examiner's Amendment attached, Examiner finds the claimed invention is patentably distinct 
from the prior art of record. 

The prior art of record includes Hunt et al., introducing a registration agent to present an 
intermediary between sites and internet users, and Dan et al., introducing a 
web management system associating each web page with attributes. 

The prior art of record, Hunt or Dan, fail to anticipate or render Applicant's particular 
feature that: 

"providing a linked collection of Web pages, comprising at least first and second 
Web pages, on a Web site maintained by an enterprise so as to enable a user to 
exchange information with the enterprise via the Web pages; assigning, by the 
enterprise, respective, non-uniform privacy policies to at least some of the Web 
pages regarding the use of the information that is exchanged through the Web 
pages, the privacy policies comprising at least a first privacy policy assigned to the 
first Web page and a second, different privacy policy assigned to the second Web 
page" 

The dependent claims, being further limiting to the independent claims, defined and 
enabled by the Specification are also allowed. 

3. Any comments considered necessary by applicant must be submitted no later than the 
payment of the issue fee and, to avoid processing delays, should preferably accompany the issue 
fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for 
Allowance". 

4. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ellen C Tran whose telephone number is 
(571) 272-3842. The examiner can normally be reached from 10:00 am to 6:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Jacques H. Louis-Jacques can be reached on (571) 272-6962. The fax phone number for the 
organization where this application or proceeding is assigned is (571) 273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Ellen Tran 
Patent Examiner 
Technology Center 2134 
8 January 2007 

KAMBIZ ZAND 
PRIMARY EXAMINER 

EXAMINER'S AMENDMENT: 

This listing of claims replaces all prior versions, and listings, of claims in the application: 
LISTING OF CLAIMS 
1-54 (Canceled) 

55. (Previously presented) A computer-implemented method for privacy management, 
comprising: 

providing a linked collection of Web pages, comprising at least first and second Web 
pages, on a Web site maintained by an enterprise, so as to enable a user to exchange 
information with the enterprise via the Web pages; 

assigning, by the enterprise, respective, non-uniform privacy policies to at least some 
of the Web pages regarding use of the information that is exchanged through the Web 
pages, the privacy policies comprising at least a first privacy policy assigned to the first Web 
page and a second, different privacy policy assigned to the second Web page; 

providing to the user accessing the first and second Web pages the respective 
privacy policies for the first and second Web page; and 

exchanging the information with the user via the Web site subject to the non- 
uniform privacy policies, such that at least a first portion of the information is exchanged 
via the first Web page subject to the first privacy policy, and at least a second portion of 
the information is exchanged via the second Web page subject to the second privacy policy. 

56. (Previously presented) A method according to claim 55, wherein exchanging the 
information with the user comprises receiving private information submitted to the 
enterprise by the user. 

57. (Previously presented) A method according to claim 56, wherein receiving the private 
information comprises receiving the user's agreement to at least one of the privacy 
policies, and recording the private information together with an indication of the at least one 
of the privacy policies agreed upon. 

58. (Previously presented) A method according to claim 57, and comprising: intercepting a 
request from an application to use the private information received from the user; 

querying the application to determine its compliance with the at least one of the 
privacy policies subject to which the requested information was received; and 

providing the requested information subject to the compliance of the application with 
the at least one of the privacy policies. 

59. (Previously presented) A method according to claim 55, wherein providing the linked 
collection of Web pages comprises arranging the Web pages in a hierarchy of nodes that 
comprises a root node, such that each of the nodes except for the root node has a parent 
node in the hierarchy, and 

wherein assigning the privacy policies comprises assigning to each of at least some 
of the nodes, including the nodes associated with the first and second Web pages, one or 
more respective privacy rules regarding use of the information that is associated with the 
nodes, and setting for each of the nodes a node privacy policy that comprises the privacy 
rules assigned to the node combined, for each of the nodes except the root node, with the 
node privacy policy of its parent node. 

60. (Previously presented) A method according to claim 55, wherein providing the 
respective privacy policies comprises informing the user who has exchanged the 
information associated with the first Web page subject to the first privacy policy of a 
difference in the second privacy policy relative to the first privacy policy before 
exchanging the information associated with the second Web page. 

61. (Previously presented) A method according to claim 55, wherein assigning the non- 
uniform privacy policies comprises assigning an initial privacy policy to the first 
Web page, and subsequently making a change in the initial privacy policy so as to assign 
a modified privacy policy to the first Web page, and wherein providing the privacy 
policies to the user comprises informing the user who has exchanged information 
with the first Web page subject to the initial privacy policy of the change. 

62. (Previously presented) A method according to claim 61, wherein informing the user 
comprises prompting the user to provide an input to indicate whether the user accepts or 
rejects the change. 

63. (Previously presented) A method according to claim 55, wherein assigning the privacy 
policies comprises storing the privacy policies in a computer server belonging to the 
enterprise, and wherein providing the privacy policies to the user comprises intercepting a 
request by the user to access the first Web page and providing the first privacy policy to the 
user responsive to the request. 

64. (Previously presented) A method according to claim 55, wherein providing the 
privacy policies comprises conveying the policies in a standard form for presentation by a 
Web browser. 

65. (Previously presented) A method according to claim 64, wherein the standard form 
comprises a form specified by the Platform for Privacy Preferences Project (P3P). 

66. (Previously presented) A method according to claim 55, wherein assigning the 
non-uniform privacy policies comprises determining a rating for each of the policies 
based on a predetermined rating scale. 

67. (Previously presented) A method according to claim 55, wherein assigning the non- 
uniform privacy policies comprises defining first and second user classes and defining, 
for a given one of the Web pages, different first and second class privacy policies, 
respectively, for the first and second user classes, and wherein providing the privacy policies 
to the user comprises determining whether the user belongs to the first or second class; and 
providing the first or the second class privacy policy accordingly. 

68. (Currently amended) A computer-implemented method for privacy 
management, comprising: 

arranging a body of information in a hierarchy of nodes that comprises a root node, 
such that each of the nodes except for the root node has one or more ancestor nodes in the 
hierarchy; 

assigning to each of at least some of the nodes one or more respective privacy rules 
regarding use of the information that is associated with the node; 

wherein arranging the body of information comprises associating the nodes with 
respective Web pages accessible through a Web site; 

receiving a request from a user to access a given node; 

computing a node privacy policy for the given node by combining the privacy 
rules assigned to the given node with node privacy policies of the ancestor nodes of the 
given node in the hierarchy; 

Application/Control Number: 09/728,661 Page 8 
Art Unit: 2134 

providing the computed node privacy policy to the user; and 

exchanging with the user at least a portion of the information that is associated 
with the given node subject to the provided privacy policy. 

69. (Previously presented) A method according to claim 68, wherein exchanging the 
information with the user comprises receiving private information submitted by the user. 

70. (Canceled) 

71. (Previously presented) A method according to claim 68, wherein assigning the 
respective privacy rules comprises representing the privacy rules assigned to each of the at 
least some of the nodes as respective policy sections, which are written in an extended 
extensible markup language (XML) and comprise an attribute identifying a parent node in 
the hierarchy. 

72. (Currently amended) A computer-implemented method for privacy management, 
comprising: 

providing a linked collection of interactive resources through which a user is able to 
exchange information with an enterprise that provides the resources, at least some of the 
resources having privacy policies associated therewith regarding use of the information that 
is exchanged through the resources; 

wherein the collection of interactive resources comprises a collection of Web pages 
accessible through a Web site of the enterprise; 

receiving information from users who access the resources subject to the privacy 
policies; 

intercepting a request from an application to use the information received from the 
users; 

upon receiving the request from the application, querying the application to 
determine compliance of the application with the privacy policies subject to which the 
requested information was received; and 

providing the requested information to the application subject to the compliance of 
the application with the privacy policies. 

73. (Canceled) 

74. (Previously presented) A method according to claim 72, wherein providing the 
linked collection of resources comprises associating non-uniform privacy policies with the 
resources, and wherein receiving the information comprises receiving and storing different 
items of the information subject to different privacy rules from among the non-uniform 
privacy policies. 

75. (Previously presented) A method according to claim 74, wherein providing the 
requested information comprises checking the compliance of the application with the 
privacy rules respectively applicable to each of the items of the information requested by the 
application. 

76. (Previously presented) A method according to claim 74, wherein providing the 
requested information comprises determining that the application does not comply with the 
rules respectively applicable to a given item of the information, and refusing to provide the 
requested information with respect to the given item, while providing other information 
with respect to which the application does comply with the respectively applicable rules. 

77. (Previously presented) A method according to claim 72, wherein receiving the 
information comprises receiving the information from first and second users subject to 
respective first and second privacy policies, and wherein providing the requested 
information comprises checking the compliance of the application with both the first and the 
second privacy policies. 

78. (Previously presented) A method according to claim 72, and comprising making a 
record of the request and of the information provided responsive thereto in a log for review 
in a subsequent privacy audit. 

79. (Previously presented) Apparatus for privacy management, comprising a computer 
enterprise server arranged to provide a linked collection of Web pages, comprising at least first 
and second Web pages, on a Web site maintained by an enterprise, so as to enable a user to 
exchange information with the enterprise via the Web pages, and to permit the enterprise to 
assign respective, non-uniform privacy policies to at least some of the Web pages regarding use 
of the information that is exchanged through the Web pages, the privacy policies comprising at 
least a first privacy policy assigned to the first Web page and a second, different privacy policy 
assigned to the second Web page, and further arranged to provide to the user accessing the first 
and second Web pages the respective privacy policies for the first and second Web page, and to 
exchange the information with the user via the Web site subject to the non-uniform privacy 
policies, such that at least a first portion of the information is exchanged via the first Web page 
subject to the first privacy policy, and at least a second portion of the information is exchanged 
via the second Web page subject to the second privacy policy. 

80. (Previously presented) Apparatus according to claim 79, wherein the information 
exchanged with the user comprises private information submitted to the enterprise by the user. 

81. (Previously presented) Apparatus according to claim 80, wherein the server is arranged 
to receive the user's agreement to at least one of the privacy policies, and to record the private 
information together with an indication of the at least one of the privacy policies agreed 
upon. 

82. (Previously presented) Apparatus according to claim 81, wherein the server is further 
arranged to intercept a request from an application to use the private information received 
from the user, to query the application to determine its compliance with the at least one of 
the privacy policies subject to which the requested information was received, and to 
provide the requested information subject to the compliance of the application with the at 
least one of the privacy policies. 

83. (Previously presented) Apparatus according to claim 79, wherein the Web pages are 
arranged in a hierarchy of nodes that comprises a root node, such that each of the nodes 
except for the root node has a parent node in the hierarchy, and wherein the server is 
arranged to associate with each of at least some of the nodes, including the nodes associated 
with the first and second Web pages, one or more respective privacy rules regarding use of 
the information that is associated with the nodes, and to set for each of the nodes a node 
privacy policy that comprises the privacy rules assigned to the node combined, for each of 
the nodes except the root node, with the node privacy policy of its parent node. 

84. (Currently Amended) Apparatus according to claim 79, wherein the server is arranged, 
to inform the user who has exchanged the information associated with the first [[Be]] page to 
the first privacy policy of a difference in the second privacy policy relative to the first privacy 
policy before exchanging the information associated with the second Web page. 

85. (Previously presented) Apparatus according to claim 79, wherein the server is 
arranged to assign an initial privacy policy to the first Web page, and subsequently to 
receive an indication of a change in the initial privacy policy so as to assign a modified 
privacy policy to the first Web page, and to inform a user who has exchanged 
information with the first Web page subject to the initial privacy policy of the change. 

86. (Previously presented) Apparatus according to claim 85, wherein the server is 
arranged to generate a prompt to the user to provide an input to indicate whether the 
user accepts or rejects the change. 

87. (Previously presented) Apparatus according to claim 79, wherein the server is 
adapted to convey the policy to a client computer in a standard form for presentation by a 
Web browser. 

88. (Previously presented) Apparatus according to claim 87, wherein the standard form 
comprises a form specified by the Platform for Privacy Preferences Project (P3P). 

89. (Previously presented) Apparatus according to claim 79, wherein the server is arranged 
to determine a rating for each of the policies based on a predetermined rating scale. 

90. (Previously presented) Apparatus according to claim 79, wherein the server is arranged 
to receive a definition of first and second user classes and, for a given one of 
the resources, different first and second class privacy policies, respectively, for the first and 
second user classes, and to determine whether the user belongs to the first or 
second class and to provide the first or the second class privacy policy to the user 
accordingly. 

91. (Currently amended) Apparatus for privacy management, comprising a computer 
server arranged to receive and store a body of information in a hierarchy of nodes that 
comprises a root node, such that each of the nodes except for the root node has one or more 
ancestor nodes in the hierarchy, together with an assignment to each of at least some of the 
nodes of one or more respective privacy rules regarding use of the information that is 
associated with the node; 

wherein the body of information comprises a collection of Web pages accessible 
through a Web site, and wherein the server is arranged to associate the nodes with respective 
ones of the Web pages; 

wherein the server is arranged, in response a request from a user to access a given 
node, to compute a node privacy policy for the given node by combining the privacy 
rules assigned to the given node with node privacy policies of the ancestor nodes of the 
given node in the hierarchy, to provide the computed node privacy policy to the user, and 
to exchange with the user at least a portion of the information that is associated with the 
given node subject to the provided privacy policy. 

92. (Previously presented) Apparatus according to claim 91, wherein the information 
exchanged with the user comprises private information submitted to the server by the 
user. 

93. (Canceled) 

94. (Previously presented) Apparatus according to claim 91, wherein the server is 
arranged to represent the privacy rules assigned to each of the at least some of the 
nodes as respective policy sections, which are written in an extended extensible 
markup language (XML) and comprise an attribute identifying a parent node in the 
hierarchy. 

95. (Currently amended) Apparatus for privacy management, comprising a computer 
enterprise server arranged to provide a linked collection of interactive resources through 
which a user is able to exchange information with an enterprise that provides the resources, 
at least some of the resources having privacy policies associated therewith regarding use of 
the information that is exchanged through the resources, and to receive information from 
users who access the resources subject to the privacy policies, wherein the collection of 
interactive resources comprises a collection of Web pages accessible through a Web site of 
the enterprise, wherein the server is arranged to intercept a request from an application to 
use the information received from the users, and upon receiving the request, to query the 
application to determine compliance of the application with the privacy policies subject to 
which the requested information was received, and to provide the requested 
information to the application subject to the compliance of the application with the privacy 
policies. 

96. (Canceled) 

97. (Previously presented) Apparatus according to claim 95, wherein the server is 
arranged to associate non-uniform privacy policies with the resources, and to receive 
and store different items of the information subject to different privacy rules from 
among the non-uniform privacy policies. 

98. (Previously presented) Apparatus according to claim 97, wherein the server is arranged 
to check the compliance of the application with the privacy rules respectively applicable to 
each of the items of the information requested by the application. 

99. (Previously presented) Apparatus according to claim 97, wherein when the 
server is arranged, upon determining that the application does not comply with the rules 
respectively applicable to a given item, to refuse to provide the requested information 
with respect to the given item, while providing other information with respect to which the 
application does comply with the respectively applicable rules. 

100. (Previously presented) Apparatus according to claim 95, wherein the server is 
arranged to receive the information from first and second ones of the users subject to 
respective first and second privacy policies, and to check the compliance of the 
application with both the first and the second privacy policies. 

101. (Previously presented) Apparatus according to claim 95, wherein the server is 
adapted to make a record of the request and of the information provided responsive 
thereto in a log for review in a subsequent privacy audit. 

102. (Previously presented) A computer software product for privacy management, 
comprising a computer-readable medium in which program instructions are stored, which 
instructions, when read by a computer, cause the computer to provide a linked collection 
of Web pages, comprising at least first and second Web pages, on a Web site maintained by 
an enterprise, so as to enable a user to exchange information with the enterprise via the 
Web pages, and to permit the enterprise to assign respective, non-uniform privacy policies 
to at least some of the Web pages regarding use of the information that is exchanged 
through the Web pages, the privacy policies comprising at least a first privacy policy 
assigned to the first Web page and a second, different privacy policy assigned to the second 
Web page, 

wherein the instructions further cause the computer to provide to the user 
accessing the first and second Web pages the respective privacy policies for the first and 
second Web page, and to exchange the information with the user via the Web site 
subject to the non-uniform privacy policies, such that at least a first portion of the 
information is exchanged via the first Web page subject to the first privacy policy, and at 
least a second portion of the information is exchanged via the second Web page subject 
to the second privacy policy. 

103. (Previously presented) A product according to claim 102, wherein the information 
exchanged with the user comprises private information submitted to the enterprise by the 
user, and wherein the instructions cause the computer to receive and store the private 
information together with an indication of the privacy policy agreed upon. 

104. (Currently amended) A computer software product for privacy management, 
comprising a computer-readable medium in which program instructions are stored, which 
instructions, when read by a computer, cause the computer to arrange a body of information 
in a hierarchy of nodes that comprises a root node, such that each of the nodes except for 
the root node has one or more ancestor nodes in the hierarchy, to assign to each of at 
least some of the nodes one or more respective privacy rules regarding use of the 
information that is associated with the node, wherein arranging the body of information 
comprises associating the nodes with respective Web pages accessible through a Web site, 
wherein the instructions cause the computer, in response a request from a user to access a 
given node, to compute a node privacy policy for the given node by combining the 
privacy rules assigned to the given node with node privacy policies of the ancestor nodes of 
the given node in the hierarchy, to provide the computed node privacy policy to the user, 
and to exchange with the user at least a portion of the information that is associated 
with the given node subject to the provided privacy policy. 

105. (Currently amended) A computer software product for privacy management, 
comprising a computer-readable medium in which program instructions are stored, which 
instructions, when read by a computer, cause the computer to provide a linked collection 
of interactive resources through which a user is able to exchange information with an 
enterprise that provides the resources, at least some of the resources having privacy policies 
associated therewith regarding use of the information that is exchanged through the 
resources, and to receive information from users who access the resources subject to the 
privacy policies, wherein the collection of interactive resources comprises a collection of 
Web pages accessible through a Web site of the enterprise wherein the instructions cause 
the computer to intercept a request from an application to use the information received 
from the users, to query the application to determine its compliance with the privacy 
policies subject to which the requested information was received, and to provide the 
requested information subject to the compliance of the application with the privacy policies. 




